Saturday, July 19, 2008

Spy News (with Devil Ring Security Alert)

You Could Be An International Spy ...and not know it!
J. Reece Roth, an electrical engineering professor at the University of Tennessee, passed along a research paper to Sirous Nourgostar, a graduate student from Iran working under his supervision. It contained details on refined plasma actuator technology, which uses ionized gas to improve aircraft control. Roth was doing research on flight performance for a U.S. Air Force contractor and had relied on the assistance of Nourgostar and of Xin Dai, a Chinese national also studying under him... bad idea.

Roth, who pleaded not guilty, got entangled in a little-known area of export law that is alarming big business and scientific researchers. It covers transfers of controlled technological information to foreigners on U.S. soil. The transfers are considered exports because they are "deemed" to be going to the country where the recipient is a citizen. (more)


Want to Be A Spy ...and know it!
Britain's secret spy agency, home to the very white and very male 007, is hunting for women and minorities to tackle global terrorism. More than 20,000 people have applied since MI6 began its open recruiting campaign about a year ago... (more)


Spying Has Its Down Side ...know it!
A former Hewlett-Packard Co. vice president faces up to 10 years in federal prison after pleading guilty to stealing trade secrets from his former employer, IBM. (more)

A federal judge sentenced a former Pentagon analyst to 57 months in prison for his role in providing China with classified defense information. (more)

A French journalist was charged with revealing manufacturing secrets after a car magazine published photos of a Renault model three years before it was to be rolled out in dealer showrooms... Renault filed suit for industrial espionage in July last year after photographs of its latest-generation Megane, a small family model and one of Europe's most popular cars, ran in Auto Plus. (more)

Still Wanna Be A Spy? ...no!
"Ok, you're free to go."
...yes!
Then you will probably want a "Ring of the devil" in your kit.
"There has been quite some speculation about this video (YouTube) of a magnetic ring that is used to open some models of Uhlmann & Zacher lock. Now, it is confirmed by the company itself the trick works." (more)


Saturday, July 12, 2008

The Ultimate in Secure Business Meetings

Historic caves thwart all eavesdroppers!

About 1000 feet into the white-walled chalk caves is a 40-foot diameter meeting room. Notables who have held their secret meetings here included Benjamin Franklin, Sir Francis Dashwood and their celebrity friends from the 1700's.

They required privacy for their 'Hellfire Club' meetings (rumored to be orgies). These days, corporate privacy needs are based on risk more than risqué.

Located just outside of London, the caves are available for corporate functions and parties.
Capacity...
Receptions: 120 people
Buffet: 100 people
Dinner: 50 people

Whiterock Defence, an international provider of information security services located near The Hellfire Caves, can help you secure this facility for a most memorable meeting. Contact Crispin Sturrock at +44 (0) 1494 538 222, or via email contact@whiterockdefence.com for complete details.

This past week, I visited The Caves for the second time.
You won't be disappointed. ~ Kevin


Friday, July 11, 2008

Executive Alert - Your Trip to China

from Forbes Magazine...
When traveling to China for the Olympics this summer, leave any expectation of privacy at the border. Instead, prepare for possible eavesdropping and surveillance--from listening devices in hotel rooms to bugged laptops and personal digital assistants to informers posing as friendly strangers.


Those who laugh at the seeming paranoia would be wise to remember that the U.S. recently accused Chinese authorities of allegedly copying data from the laptop of a visiting trade official last year and attempting to hack into the Commerce Department. The Chinese denied the allegations.

The U.S. Department of State advises tourists not to expect privacy in public or private locations, particularly in hotels, but a spokesman declined to comment further.

Wang Baodong, a spokesman for the Chinese embassy in Washington, D.C., was almost as tight-lipped. He declined to address specific allegations of spying on foreigners at the Olympics.

"No special security measures will be arranged beyond universally adopted international practice at public venues, hotels and offices in China," he says. "Privacy in China will be guaranteed according to the law."

But security experts say that Chinese law has few protections for individual privacy...

Bruce McIndoe, president of the security consulting company iJet, routinely warns his corporate clients about threats to their electronic security.

"What business people need to be aware of," he says, "is that the Chinese are very clear about who is coming into the country. You could be a senior level executive or a scientist and they will target you for surveillance."
(more)
How To Safeguard Your Privacy In Beijing - the short list.


Wednesday, July 2, 2008

Did You Know #172 - Credit Card Standards

If you have anything to do with credit cards,
you need to know this...


"Credit card companies want you to charge it and they know that concerns about identity theft might possibly slow down your card use — so it is in their best interests to make sure that a solid security standard is in place to protect you. The standard has turned into a requirement for everyone who takes a credit card and that turns out to be literally millions of grocers, retailers, online retail outlets, government agencies, convenience stores, utilities — almost everyone. So the PCI-DSS standard may be the most widely applied information (data) security standard in the world.

With such a widespread and critical standard, there is confusion about how to meet the standard because just doing a self-assessment isn’t enough; you are also required to do penetration tests on your systems that handle and transmit this electronic customer information and ATTEST that you use the standard in your information systems.

This includes having strong firewalls that protect cardholder data and making sure to remove the generic vendor-supplied passwords; using good storage devices for sensitive customer information and encrypting data that flows over your network. In addition, the card manager has to use anti-virus software, and also build secure systems. Once proper controls are in place, these controls need to be monitored and tested..."
Which leads us to the author of this piece.
Get to know her.

Caroline R. Hamilton is the Founder of RiskWatch, Inc. She offers twelve specialized risk assessment software programs which are used by thousands of her clients all over the world and in virtually every type of security assessment, gap analysis, and compliance assessment.

Murray Associates can assist you with the technical end of Wireless LAN compliance for PCI-DSS and...
• Sarbanes-Oxley Act – U.S. Public Companies
• HIPAA – Health Insurance Portability and Accountability Act
• GLBA – Gramm-Leach-Bliley Financial Services Modernization Act
• PCI-DSS – Payment Card Industry Data Security Standard
• FISMA – Federal Information Security Management Act
• DoD 8100.2 – Use of Commercial Wireless Devices, Services, and Technologies in the Department of Defense Global Information Grid
• ISO 27001 – Information Security Management
• Basel II Accord – Banking
• EU - CRD (Cad 3) – EU - Capital Requirements Directive - Banking


Friday, June 27, 2008

Spybusters Shades - Poop on the Paparazzi

Proof of Concept. Very effective. Murray's Prediction: Look for some sharp sunglass manufacturer to put this into production.
"Spy", perhaps?!?!



Tuesday, May 20, 2008

Q&A Time - Radio Frequency (RF) Blocking

From a professional colleague...
Q. "I would like to know if there is any security film that can be applied to windows to help block RF emissions. I have heard of curtains that are made for purpose? not sure though? Any ideas would be appreciated. Thanks."


A. There are all sorts of RF shielding materials on the market: window film, speciality glass, screening, wallpaper, paint, gaskets, curtains, beanies, etc. Each item, by itself, is not a very effective solution. Used in conjunction with one another, RF may be attenuated to a point where it solves a particular problem. The attenuation will not be 100% unless one constructs a fully shielded room (Faraday cage). In government circles these specially built rooms are called Sensitive Compartmentalized Information Facility, otherwise known as a SCIF. Even then, the slightest crack or deformed door gasket will allow RF in/out.

100% shielding becomes problematic when the application is eavesdropping countermeasures. Shielded rooms are ugly and expensive, and other methods are not 100% effective. In counterespionage and TSCM, the information is either protected, or it is not protected.

Here is a review of a new window film.
Here is a review of the effectiveness of beanies.
~Kevin


Wednesday, May 14, 2008

Report: C-level execs more involved with security

The major data breaches that have received mass media coverage are driving so-called "C-level" executives to become actively involved in their organization's security policies, according to a new report from the (ISC)2.

There are several key "take-aways" from the report, titled "2008 (ISC)2 Global Information Security Workforce" and authored by Rob Ayoub, Frost & Sullivan's network security industry manager.

Ayoub told SCMagazineUS.com that these include the fact that C-level executives are paying attention to security...

"CEOs are asking their security professionals important questions about how they're prepared to not become another TJX," (answers) (more)


Wednesday, April 30, 2008

The Headline Evil Word You Can Prevent

April 22, 2008 - "Sanford Hospital tightens security after baby taken"

The good news...
The child was rescued a short time later by a police officer who stopped a Chevy Blazer on Interstate 4 (more)

The bad news...
Most corporations are hedging their bets that the word "after" will not appear in a headline about their security efforts.

In the corporate world, stealing intellectual property is the real-life equivalent of a baby – the corporation's baby. The baby who is to be nurtured into the company's future.

Now is the time to tighten security;
• while it is inexpensive to do,
• while your stockholder good-will is high,
• while you still have a job.

1. Work with your Legal Department to upgrade and keep current: non-disclosure agreements, non-compete contracts, and pro-active programs to detect and deter eavesdropping and espionage.

2. Work with your IT department on: password protection, encryption, wireless LAN security audit and compliance surveys, and employee education.

3. Keep current with intellectual property threats.
Read the news.
Offer the boss proof!
You need funding to prevent eavesdropping and espionage problems.

P.S. Problems do happen...
Recent Problem #1
Recent Problem #2
Recent Problem #3
Recent Problem #4
Recent Problem #5
Recent Problem #6
Recent Problem #7
Recent Problem #8
Recent Problem #9
Recent Problem #10
And all this was just April's news!

Is it any wonder that this Hot Boardroom Topic was also in April's news?
~Kevin


Friday, April 18, 2008

"...This DVD will self-destruct in..."

Germany - The branded 'Einmal' (Deutsch for 'once') discs employ a chemical coating that starts breaking the disc down once the vacuum seal is breached. On average, users get 48 hours of use from a €3.99 ($6.44) disc. Once the disc has run its course, it'll show up as non-readable when popped into a player (no explosion). (more)
Proposition Impossible, unless a good security application comes along.


Thursday, April 17, 2008

CNN Report - Chinese spies in the US

Night Flight

Two men attempting to board a plane to China with nearly a dozen sensitive infrared cameras in their luggage were arrested... Yong Guo Zhi, a Chinese national, and Tah Wei Chao, a naturalized U.S. citizen, were arrested for investigation of trying to take thermal imaging cameras with potential military use to China without the proper export licenses... Ten of the cameras, which measure about 2 inches square and cost about $5,000 each, were found in the men's checked luggage... (more) (related video) (the other Night Flight)


Tuesday, April 15, 2008

Data Land Mines

1. A slip of the finger reveals the company secret.
- Turn off that auto-fill feature.
2. People give away passwords and other secrets without thinking.
- Engage brain. Shut mouth.
3. A trusted partner ends up not being so trustworthy with your data.
- Share sparingly.
4. Web-based apps can be portals to leaks and thieves.
- VPN it instead.
5. Hoping the worst doesn’t happen only makes it worse.
- Plan for disasters.
6. Avoiding or diluting response leadership makes breaches worse.
- Designate a buck-stopper.
7. Handling breach details sloppily tips off the perp.
- Practice 'need-to-know'.
8. Trusting "silver bullet" technology hides real threats.
- There ain't no Lone Ranger.
9. Spending unthinkingly wastes resources you might need for important threats.
- Gauge threats.
10. Don't save the wrong data.
- Only store what you need.
(more)


Saturday, April 12, 2008

Crime Does Not Pay! (No, really, it doesn't.)

According to a new study dug up by Secrecy News, modern-day spies -- at least the ones who get caught -- don't appear to be making much money.

The study (.pdf), conducted for the Defense Personnel Security Research Center based on its Espionage Database, concludes that "Two thirds of American spies since 1990 have volunteered. Since 1990, spying has not paid well: 80% of spies received no payment for espionage, and since 2000 it appears no one was paid.” (more)


Thursday, April 10, 2008

Idea for new sitcom... Plain Stupid! - "Should you be caught, we will disavow any..."

A spy who infiltrated a direct action anti-aviation group has been exposed after making a series of elementary errors that aroused the suspicions of genuine activists.

Toby Kendall joined Plane Stupid, the group that occupied the roof of the Houses of Parliament last month, after graduating from Oxford last year. He told the activists that his name was “Ken Tobias” and said that he was deeply concerned by the impact of the aviation industry on climate change and that he wanted to help to organise protests.


But his habit of wearing a Palestinian scarf with his Armani jeans and designer shirt made some members question his identity. He was also the only member to turn up early to every meeting but had no friends in the activist community...


Plane Stupid began a mole hunt and, after feeding him false information that found its way within two days to the aviation industry, discovered his real name and employer.


Mr. Kendall, 24, works for C2i International, a counter-intelligence company run by former special forces officers. It claims that its agents are “hand-picked from Special Operations at New Scotland Yard”...

Justin King, C2i’s managing director, claimed to have been unaware of Mr. Kendall’s infiltration of Plane Stupid. He said Mr. Kendall was employed to carry out counter-surveillance such as “debugging company offices”. (D'oh!) (more)

This is a cautionary tale for corporations and protest groups alike.
1. Espionage is multifaceted - eavesdropping, wiretapping, dumpster diving, moles, etc.
2. Failed attempts end up in the newspapers. Successes go unnoticed.
3. Attacks fail when people start looking.
4. Start looking.
In this case, "...a contact at Oxford University recognised a photo we'd taken. Our spy wasn't called 'Ken Tobias', but Toby Kendall - an Oriental Studies student from Wadham College. A quick google search revealed a Bebo page with a photo. Snap! It also took us to Linked In, a high-flying corporate networking site, where 'Ken' claimed to be an analyst at C2i International, working in 'Security and Investigations'."
Note: Even Austin Powers had a better cover story. Don't expect your mole to be as obvious.


Monday, April 7, 2008

Hot Boardroom Topic - Counterespionage

Security is becoming a board-level issue as the number of cyber-attacks and corporate espionage incidents is growing significantly each year...

Few people would dispute the mystique that surrounds the boardroom. This allure has been around for some time, but it was recently heightened by the popular TV series "The Apprentice" with business icon Donald Trump. Boards of directors deal with sensitive issues and handle privileged information, and board meetings themselves call to mind strategy discussion, stock discussions and major contracts.

Taking advantage of privileged information is illegal. As you can imagine, access to privileged financial and stock information could easily be used for insider trading. The sensitive information and financial data must be controlled in order to comply with Securities and Exchange Commission disclosure requirements.

What you may not think of are the discussions around information security, which has become a board-level issue. Cyber-attacks and corporate espionage are growing significantly year-over-year. In a training program developed by Spy-Ops, the company notes that corporate espionage worldwide is now more than a trillion-dollar problem annually and growing. Data breaches, theft of intellectual property, insider trading and other criminal acts now demand the attention of the board of directors.

"Enterprise risk management discussions and strategies have moved into the executive suites and boardrooms. This is due primarily to the significant implications associated with security breaches," said Paula Cordaro of Spy-Ops.
(more)


S(he) M(aybe) E(arliest) R(ussian) S(py) H(ero) - B. Badenov

Russia’s oldest counter-intelligence officer is 100 years young. And although she's long retired, Maria Lyovina is still barred from revealing sensitive details about her work in the past.

She may not look like your archetypal secret agent but Maria Lyovina was catching spies long before the world had ever heard of James Bond.


A great grandmother three times over, her Ulanovsk flat is filled with family photographs. One is a striking image of the young woman German agents came to fear.


Maria was working as a secretary in a Leningrad factory when the Soviet Union entered the Second World War.


She was recruited by Army officers looking for an experienced typist.


She joined SMERSH, a counter intelligence group dedicated to catching traitors and undercover Germans. Its name literally meant ‘death to spies’. (more) (video)


Thursday, April 3, 2008

Spy Buster Locates Sophisticated Wireless Eavesdropping Devices

According to the Freedonia Group, a market research group in Cleveland, Ohio, companies spend over $95 billion annually on corporate security.


One of the fastest growing areas for this spending is corporate espionage prevention.

Factors in this growth include everything from globalization to decreased employee loyalty and the fact that the most valuable asset of a corporation these days is information, which can be easier to steal than a piece of machinery.

So what’s a worried executive or security professional to do?
Increasingly, companies and government agencies are turning to firms that specialize in detecting and removing eavesdropping and other surveillance devices... (more)


Wednesday, March 26, 2008

Spybusters Selects Tektronix to Aid in Fight Against Corporate Espionage

via Microwave Journal...
Tektronix Inc., a provider of test, measurement and monitoring instrumentation, announced that Murray Associates, registered as Spybusters LLC, has selected a Tektronix Real-Time Spectrum Analyzer (RTSA) with DPX™ live RF display technology to help the security consultancy identify wireless eavesdropping devices that may be located in clients’ facilities including boardrooms and security trading floors. The RTSA instrument enables the firm to quickly and efficiently spot sophisticated listening devices, even in challenging environments where there are many competing signals.

Corporate espionage is on the rise due to such factors as globalization, decreased employee loyalty and the increasing value of information. In some parts of the world espionage is a common business practice in competitive industries. At the same time, new technologies are making it easier and more affordable than ever to steal information by tapping into private conversations. Given the potential reward, spies are employing increasingly sophisticated technology that can be difficult to detect.

To fight back against this espionage, companies as well as government agencies are turning to firms that specialize in detecting and removing eavesdropping and other surveillance devices. One of the leaders in the segment is Murray Associates. Based in Oldwick, New Jersey, the 30-year-old company, which is registered as Spybusters LLC, is seeing heightened demand for its services. The majority of the firm’s clients schedule regular inspections or sweeps for any form of electronic surveillance technology in sensitive areas such as executive suites, boardrooms, trading floors, vehicles and aircraft as well as executive homes and off-site meeting locations. (more)


Wednesday, March 5, 2008

In-house NSA

A rapid way to spot insider threats from individuals within an organization such as a multinational company or military installation is reported in the current issue of the International Journal of Security and Networks. The technology uses data mining techniques to scour email and build up a picture of social network interactions. The technology could prevent serious security breaches, sabotage, and even terrorist activity.

Gilbert Peterson and colleagues at the Air Force Institute of Technology at Wright Patterson AFB, in Ohio are developing technology that could help any organization sniff out insider threats by analyzing email activity or find individuals among potentially tens of thousands of employees with latent interests in sensitive topics. The same technology might also be used to spot individuals who feel alienated within the organization as well as unraveling any worrying changes in their social network interactions. (more)


Thursday, February 28, 2008

Global Info Survey - CIO's Get Smart

A growing number of organizations recognize information security can provide more than just protection of corporate assets, with the delivery of IT and operational efficiencies and improving overall business performance emerging as critical objectives. That is the word from Ernst & Young's 10th annual global information security survey. The survey canvassed nearly 1,300 senior executives in more than 50 countries. (more)


"Grab the binoculars. The girls are headed for the Blue Lagoon!"

Regime revives Fiji spy agency
The interim Cabinet will revive the National Security Council and the Fiji Intelligence Services. A statement from the interim Cabinet said this was a move to combat threats of terrorism against Fiji. (more)


Friday, February 15, 2008

SpyCam Story #431 - Sticky Fingers

Security Guard Arrested For Vending Burglary
NC - A covert machine/changer camera was installed at the location to help determine the cause of these chronic unexplained shortages.

The video revealed evidence that a security guard from the location, a federal facility, was opening a vending machine and stealing cash. This machine was used to store the account vending collections in a mother bag from all the machines. The security guard was taking the cafeteria manager's vending key from an unlocked desk drawer in the cafeteria office. Audit records indicate that this individual stole $1,000 over three months. (more)

This is a common problem. Many of our counterespionage reports contain this obvious recommendation...
Do not leave keys behind.

The most common offense we see is: Admin locks the executive's office door at night and leaves the keys in their unlocked desk just a few feet away.

"Would locking the desk help?"
No. Desk locks are easily pickable (or destructible)... as are filing cabinet locks.

"What could be worse?"
Those big key control cabinets which hold all the spare keys!

Most of their locks are as easily pickable as the desk locks... and, by the way, where is this key "hidden"? Can't find the key? Can't pick it? No problem. People rarely secure key-cabinets to the wall properly, anyway. Just grab it and go.

A few key control solutions for you...
FREE - Guide to Developing and Managing Key Control Policies and Procedures
Traka Key Control System
KeyTrak


Monday, February 4, 2008

DIY - Electric Outlet Hidden Compartment

Tuesday, January 29, 2008

Spy vs Spy - The DC Tunnel

March 5, 2001 - Russia's Foreign Ministry has demanded details of a secret tunnel allegedly built underneath the Soviet Embassy in Washington for eavesdropping.

Present and former U.S. officials told CNN the tunnel -- under what is now the Russian Embassy -- was built by American intelligence services and packed with millions of dollars worth of sophisticated equipment. (more)


Monday, January 28, 2008

Spy vs. Spy - The East Berlin Tunnel

On a rainy day 52 years ago, the cover was blown on one of the biggest espionage plots of the Cold War. Soviet and East German forces announced that they had found a quarter-mile-long tunnel that the CIA had burrowed into East Berlin as part of a massive wiretapping operation.

Though the audacious project had come to a crashing end, news of the discovery generated unrestrained glee across the Atlantic at CIA headquarters. America's spymasters were thrilled by the world's response: admiration for the CIA's daring and technical prowess, and a general assumption that the agency had roundly snookered the Soviets.

The truth was much more complicated. Unbeknownst to the CIA, the Soviets had known about the tunnel all along. (more)
Book: Battleground Berlin: CIA vs. KGB in the Cold War


Saturday, January 26, 2008

SpyCam Story #428 - Counterspy High

MA - Students (Jason Kuo and Nathan Yeo) writing for Newton South High School's newspaper (Denebola) discovered that secret cameras were installed in their school.

"Two cameras are located near the locker rooms and are enclosed in black translucent domes. Three others are in halls around the school and are disguised as smoke detectors. They have clear views of bathrooms that school administrators believe are at most risk of vandalism." (more)

"It's just really concerning that the general public just wasn't made aware of the fact that they installed these cameras," said Jason Kuo, a managing editor who worked on the story.

School Principal Brian Salzer wrote an internal e-mail, "They were installed without permission from anyone. I didn't know they were up! The students broke the story to (Superintendent) Jeff Young, School Committee and me." ...Salzer, who wouldn't speak on camera, admitted he later learned who installed the cameras but refused to reveal names. He also indicated in his e-mail that he believed the cameras would be removed soon. (more)


Thursday, January 24, 2008

Spy History - OSS - A Living History Website

"The Office of Strategic Services (OSS) was created on June 13, 1942 by President Franklin D. Roosevelt who understood America's need for an intelligence service similar to Britain's Special Operations Executive (SOE).

Its director was Major General William "Wild Bill" Donovan, a World War I Medal of Honor winner, the only person to win our nation's four highest military honors, and the father of the CIA and US Special Forces." (more) (OSS wikipedia) (The OSS Society)

OSS Reborn is a website created by my good colleague Charles Pinck and his father Dan Pinck, who served in the OSS. The website tells the history of this exciting - and life saving - espionage organization. It also goes one step further - living history. OSSreborn.com solicits contributions! This will get very interesting.

In the meantime, pick up a copy of Dan Pinck's memoir, Journey to Peking: A Secret Agent in Wartime China.


Saturday, January 19, 2008

"I said 'non-profit', not 'open a shop and don't let anyone in'."

Canada's official spy souvenir shop is the perfect complement to the country's official spy museum. They're both top-secret facilities that are strictly off limits to ordinary Canadians and tourists. But in a nod to the modern world, the agency has since posted a virtual tour on its website, highlighting items such as a toy truck that conceals a microdot reader and codebook.

Word of the Canadian Security Intelligence Service's museum, featuring espionage cameras, micro-transmitters and other paraphernalia from the Cold War, leaked to the media years ago.
But a newly released document indicates CSIS also runs a non-profit "souvenir shop," available only to those with proper security clearance. (more)

The NSA has a great spy museum and souvenir shop which is open to the public. Free admission!


Wanted by the FBI: spy busters

Curious about how the FBI operates?
If you can pass a background and are 21 or over, a six-week course awaits you. (